Event auditing, Auditing traffic anomaly logs – H3C Technologies H3C SecCenter UTM Manager User Manual

201

Figure 193 Add a report export task

Table 178 Configuration items of a report export task

Item Description

Task Name

Required
Specify the name of the task.
The name can comprise up to 40 characters.

Period

Required
Specify the export interval, which can be Day, Week, Month, or Year. The default is

Day.

Filter

Optional
Specify the data to be included in the file by selecting a filter.

Template

Required
Specify the template for exporting reports. Only one template is available at present.

Notification Mode

Optional
Specify the Email box, to which the export file will be sent.

Return to

Report export task management functions

.

Event auditing

The event auditing function allows you to audit abnormal traffic logs, blacklist logs, operation logs, NAT
logs, inter-zone access control logs, MPLS logs, and other logs. It also supports exporting up to 10,000

entries of logs. If there are more than 10,000 log entries, only the first 10,000 entries will be exported.
The event auditing function does not support cross-day query. If the query period spans a day or the

query start time is later than the end time, the end time will automatically change to 23:59 of the same

day as the start time.

Auditing traffic anomaly logs

From the navigation tree of the firewall management component, select Abnormal Traffic Logs under

Event Auditing to enter the abnormal traffic log auditing page. This page lists the logs in order of time,

with the most recent log at the top. Each log records the time, source IP, and destination IP of the